![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 66%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES9%3C/text%3E%3C/svg%3E)
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
340 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thank you for reaching out.
Based on your questions above
If an organisation has ExpressRoute with Microsoft peering enabled, is ER used for all traffic for enabled service tags or only those services hosted in the same tenant?
Yes, it is enabled for the service tags. As documented here
If your ExpressRoute circuit is enabled for Azure Microsoft peering, you can access the public IP address ranges used in Azure over the circuit. Azure Microsoft peering provides access to services currently hosted on Azure (with geo-restrictions depending on your circuit's SKU). To validate availability for a specific service, you can check the documentation for that service to see if there's a reserved range published for that service. Then, look up the IP ranges of the target service and compare with the ranges listed in the Azure IP Ranges and Service Tags – Public Cloud XML file.
Example scenario: connecting to a storage account hosted in a customer's tenant rather than my organisation?
Yes, you can access the storage account hosted in a customer's tenant over Microsoft Peering. For storage account with Network restriction, to allow access to your service resources, you must allow these public IP addresses in the firewall setting for resource IPs. For Microsoft peering, either the service provider or the customer provides the NAT IP addresses. More details can be found here.
Below are some helpful FAQ's regarding this set-up.
- https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-faqs#if-i-pay-for-unlimited-data-do-i-get-unlimited-egress-data-transfer-for-services-accessed-over-microsoft-peering
- https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-faqs#how-is-redundancy-implemented-for-microsoft-peering
- https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-faqs#how-do-i-ensure-that-my-traffic-destined-for-azure-public-services-like-azure-storage-and-azure-sql-on-microsoft-peering-or-public-peering-is-preferred-on-the-expressroute-path
Hope this helps! Please let me know if you have any additional questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.